General

  • Target

    XPSFixer.exe

  • Size

    73KB

  • Sample

    240509-d5pv1agd7t

  • MD5

    2445f274e0a44f5606db9db9e7f846cd

  • SHA1

    2f35df180608ac170546b861ed80ead800493e7b

  • SHA256

    38c85281a7cfac3eb2022e8eb37b4b0f371bcfc6387e06602047febe0fe187d6

  • SHA512

    d5d45626cb598d41d7c69f14e16194a4b64b8f72c462e928026553b0e14fed023648f6f7b7fdaa51055a02dc7f319dd5a8eac21517c12918cc509ac5d2ccd335

  • SSDEEP

    768:GvjBUWiCoEsC4Vg8cxmKNVW09J6Eqxid2eOjebdub+bfW8vAzlf0YfDDn9Q78eyh:qBUWiCoRLoLWA6Eqy254ub+668jLhfS

Score
10/10

Malware Config

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks